CN110941809A - File encryption and decryption method and device, fingerprint password device and readable storage medium - Google Patents

Publication number
CN110941809A
Authority
CN
China
Prior art keywords
file
encryption
key
encrypted
fingerprint
Legal status
Pending
Application number
CN201911184417.7A
Other languages
Chinese (zh)
Inventor
郑茳
肖佐楠
史佳
匡启和
王廷平
Current Assignee
CCore Technology Suzhou Co Ltd
Original Assignee
CCore Technology Suzhou Co Ltd
Application filed by CCore Technology Suzhou Co Ltd
Priority to CN201911184417.7A
Publication of CN110941809A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107 File encryption

Abstract

The application discloses a file encryption method in which the file encryption key used during file encryption is encrypted a second time with the public key of a fingerprint password device and then stored in the encrypted file. Even if the position of the encryption key in the encrypted file is determined, the secondarily encrypted key cannot be used directly to decrypt the file, which ensures the security of the file. The public and private keys used for the secondary encryption are stored securely in the device, which avoids the threat that loss of the public and private keys would pose to the security of the file. In addition, the fingerprint password device can authenticate the user of an encrypted file by fingerprint, which makes decryption more convenient and improves the user experience compared with traditional software encryption, where the user password must be verified manually. The application also discloses a file encryption device, a file decryption method, a file decryption device, a fingerprint password device and a readable storage medium, which achieve the same beneficial effects.

Description

File encryption and decryption method and device, fingerprint password device and readable storage medium
Technical Field
The present application relates to the field of data management, and in particular to a file encryption method and apparatus, a file decryption method and apparatus, a fingerprint password device, and a readable storage medium.
Background
With the rapid development of internet technology and information technology, the data storage requirement is increasing day by day. The user's need for encryption of private files is also increasing.
Most file encryption and decryption schemes on the market today are software-based. Under such a scheme the key of the file is stored in the encrypted file after encryption, so an attacker can easily learn the key and the encryption algorithm, and the encrypted file is at risk of being cracked. In addition, the user must enter a user password during decryption; if the password is forgotten or lost the encrypted file cannot be decrypted, and the password entry step itself degrades the user experience.
Therefore, how to ensure the security of the file while improving the user experience is a technical problem to be solved by those skilled in the art.
Disclosure of Invention
An object of the present application is to provide a file encryption method that can ensure the security of the file and improve the user experience; another object of the present application is to provide a file encryption apparatus, a file decryption method, a file decryption apparatus, a fingerprint password device and a readable storage medium.
In order to solve the above technical problem, the present application provides a file encryption method, including:
the fingerprint password device determines an encrypted file and a corresponding encryption key;
calling a fixedly stored public key to encrypt the encryption key to obtain a secondary encryption key;
storing the secondary encryption key into the encrypted file to generate a file to be output;
and exporting the file to be output.
Optionally, the fingerprint password device determining the encrypted file and the corresponding encryption key includes:
a fingerprint password device receives a file to be encrypted;
acquiring an encryption key;
and calling the encryption key to encrypt the file to be encrypted to obtain an encrypted file.
Optionally, the obtaining an encryption key includes:
calling a random module to obtain a random number currently used for encrypting the file;
and generating an encryption key according to the random number, and storing the encryption key.
Optionally, generating an encryption key according to the random number includes:
and calling a symmetric encryption algorithm according to the random number to generate a symmetric encryption key.
Optionally, before the fingerprint password device receives the file to be encrypted, the method further includes:
judging whether a public-private key pair exists or not; the public and private key pair comprises a public key and a private key which are matched;
if not, outputting prompt information for verifying the user password;
and if the user password is received and the user password is successfully verified, generating a public-private key pair and fixedly storing the public-private key pair.
The application discloses a file encryption device, including:
the data determining unit is used for determining the encrypted file and the corresponding encryption key;
the key encryption unit is used for calling the fixedly stored public key to encrypt the encryption key to obtain a secondary encryption key;
the file output unit is used for storing the secondary encryption key into the encrypted file to generate a file to be output;
and the first file exporting unit is used for exporting the file to be output.
The application discloses a file decryption method, which comprises the following steps:
the fingerprint password device carries out user fingerprint and/or login password verification;
when the verification is passed, determining a secondary encryption key in the file to be decrypted;
and calling a fixedly stored private key to decrypt the secondary encryption key to obtain an encryption key.
The application discloses a file decryption device, including:
the user authentication unit is used for authenticating the user fingerprint and/or the login password;
the key determining unit is used for determining a secondary encryption key in the file to be decrypted after the verification is passed;
and the key decryption unit is used for calling the fixedly stored private key to decrypt the secondary encryption key to obtain the encryption key.
The application discloses a fingerprint password device, including:
a memory for storing a program;
a processor for implementing the steps of the file encryption method and/or the file decryption method when executing the program.
A readable storage medium having stored thereon a program which, when executed by a processor, carries out the steps of the file encryption method and/or the file decryption method of claim 7.
The file encryption method provided by the application comprises the following steps: the fingerprint password device determines an encrypted file and a corresponding encryption key; calling a fixedly stored public key to encrypt the encryption key to obtain a secondary encryption key; storing the secondary encryption key into the encrypted file to generate a file to be output; and exporting the file to be output.
In this method, the file encryption key used during file encryption is encrypted a second time with the public key of the fingerprint password device and only then stored in the encrypted file. Even if the position of the encryption key in the encrypted file is determined, the secondarily encrypted key cannot be used directly to decrypt the file, which guarantees the security of the file. The public and private keys used for the secondary encryption are stored securely in the device and cannot be exported, which avoids the threat that the public and private keys would otherwise pose to the security of the file, greatly enhances the security and reliability of the encryption key, and further enhances the security of the file. In addition, the fingerprint password device can authenticate the user of an encrypted file by fingerprint, which greatly improves the convenience of decryption and the user experience compared with traditional software encryption, where the user password must be verified manually.
The application also discloses a file encryption device, a file decryption method and device, a fingerprint password device and a readable storage medium, which have the same beneficial effects; these are not repeated here.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly introduced below, it is obvious that the drawings in the following description are only embodiments of the present application, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
Fig. 1 is a flowchart of a file encryption method provided in an embodiment of the present application;
Fig. 2 is a schematic diagram of the encryption process of a fingerprint password device according to an embodiment of the present application;
Fig. 3 is a block diagram of a file encryption apparatus according to an embodiment of the present application;
Fig. 4 is a flowchart of a file decryption method according to an embodiment of the present application;
Fig. 5 is a flowchart of the decryption process performed by a fingerprint password device according to an embodiment of the present application;
Fig. 6 is a block diagram of a file decryption apparatus according to an embodiment of the present application;
Fig. 7 is a block diagram of a fingerprint password device according to an embodiment of the present application;
Fig. 8 is a schematic structural diagram of a fingerprint password device according to an embodiment of the present application;
Fig. 9 is a schematic composition diagram of a fingerprint password device according to an embodiment of the present application.
Detailed Description
The core of the application is to provide a file encryption method, which can ensure the security of files and improve the user experience; the other core of the application is to provide a file encryption device, a file decryption method, a file decryption device, a fingerprint password device and a readable storage medium.
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some embodiments of the present application, but not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Referring to fig. 1, fig. 1 is a flowchart of a file encryption method provided in this embodiment; the method can comprise the following steps:
Step s110, the fingerprint password device determines an encrypted file and the corresponding encryption key;
The fingerprint password device is a device that authenticates identity by fingerprint and/or password and performs data encryption in hardware using public-private key encryption technology, such as a fingerprint key, a fingerprint USB flash disk, a fingerprint logger and the like.
The encrypted file is the file obtained by encrypting the original file with the encryption key. This embodiment does not limit how the encrypted file and its encryption key are obtained: the file may be encrypted directly by the fingerprint password device, or it may be encrypted by conventional software, in which case the encrypted file and the encryption key used for encryption can be imported directly into the fingerprint password device.
When file encryption is implemented by a software algorithm, the computer running that algorithm is at risk of attack, so the encryption process is susceptible to illegal intrusion, which affects its normal operation and in turn the security of the file. To improve the security of the file encryption process, step s110 may preferably include the following steps:
step s111, the fingerprint password device receives a file to be encrypted;
the file to be encrypted refers to a file to be encrypted currently, and the file type is not limited herein.
Step s112, obtaining an encryption key;
The encryption key is used to encrypt the file. This embodiment does not limit the type of encryption; for example, AES symmetric encryption, DES symmetric encryption and the like may be used.
The way the encryption key is obtained can be set according to actual conditions. For example, a random number is first obtained from a random module in the fingerprint password device, and the encryption key is then generated from that random number by a special algorithm and stored. When the fingerprint password device is called to encrypt a file, the key used for file encryption can be fixedly stored in the device and cannot be exported, so other users or other equipment cannot obtain it, which ensures the security of the file encryption key. Alternatively, the encryption key may be generated in real time after a file encryption request is received, using an existing key generation method or the device's default generation method, which reduces the amount of data stored in the device.
It should be noted that steps s111 and s112 may be executed in either order: the encryption key to be used for the next file may be determined first, and once the file to be encrypted is determined the key can be called directly to encrypt it, which lets the file encryption process run quickly and improves file encryption efficiency.
Step s113, calling an encryption key to encrypt the file to be encrypted to obtain an encrypted file;
The process of calling the encryption key to encrypt the file can call the components or algorithm corresponding to the type of the encryption key. Because the key type is not limited in the steps above and the encryption procedure may differ between types, the specific implementation is not limited here; existing encryption procedures can be referred to and are not described again.
This embodiment describes in detail only the case where the fingerprint password device is called to encrypt the file; other ways of generating the encrypted file can refer to this description and are not described again.
Step s120, calling the fixedly stored public key to encrypt the encryption key to obtain a secondary encryption key;
The public key is generated automatically inside the fingerprint password device and fixedly stored there. The public key and the private key are generated together: the public key is used for encryption and the private key for decryption. The key pair is generated automatically after the user uses the fingerprint password device for the first time and verifies the login password; afterwards, each time a file is sent to the fingerprint password device, the public and private keys can be obtained automatically to encrypt and decrypt it. To prevent the absence of a key pair from affecting file encryption when the device is used for the first time, the following steps can be executed before the file to be encrypted is received: judging whether a public-private key pair exists, the pair comprising a matched public key and private key; if not, outputting prompt information for verifying the user password; and if the user password is received and successfully verified, generating a public-private key pair and fixedly storing it. If the key pair already exists, the public key can be called directly to perform the secondary encryption of the encryption key; this case is not limited here.
Step s130, storing the secondary encryption key into an encrypted file to generate a file to be output;
In this embodiment the encryption key is encrypted with the public key before being stored in the encrypted file, which prevents the encryption key stored in the output file from being easily obtained and threatening the security of the file content. Because the encryption key has been secondarily encrypted, what can be located in the output file is only a ciphertext produced with the public key fixedly stored in the fingerprint password device. That public key cannot be exported, so the secondarily encrypted key is highly secure and cannot easily be decrypted, which improves the security of the encrypted file.
And step s140, exporting the file to be output.
Based on the above, in the file encryption method provided in this embodiment the file encryption key used during file encryption is encrypted a second time with the public key of the fingerprint password device and only then stored in the encrypted file. Even if the position of the encryption key in the encrypted file is determined, the secondarily encrypted key cannot be used directly to decrypt the file, which ensures the security of the file. The public and private keys used for the secondary encryption are stored securely in the device and cannot be exported, which avoids the threat that the public and private keys would otherwise pose to the security of the file, greatly enhances the security and reliability of the encryption key, and further enhances the security of the file. In addition, the fingerprint password device can authenticate the user of an encrypted file by fingerprint, which greatly improves the convenience of decryption and the user experience compared with traditional software encryption, where the user password must be verified manually.
In the foregoing embodiment, the obtaining manner of the encryption key in step s112 is not limited, and in this embodiment, an implementation manner is described, which can improve the file security when multiple files are encrypted. A method for obtaining an encryption key mainly comprises the following steps:
(1) calling a random module to obtain a random number currently used for encrypting the file;
The random number may be determined in a conventional manner. For example, a random number may be generated at preset intervals and used for file encryption during that interval until a new one is determined in the next interval; alternatively, the random number may be determined by a random algorithm after a file encryption request is received. These two ways are only examples, and other implementations are not described here. Several files encrypted within the same time period, or under other restrictions, may end up with encryption keys generated from the same random number, so that the loss of one key threatens the security of the other files. To avoid this problem, the random number is preferably determined as follows: after a file encryption request is received, the encryption device is called to acquire a hardware random number. In this way the symmetric encryption key of every encrypted file is different, which keeps the encrypted files independent of one another and improves the security of the files.
(2) Generating an encryption key according to the random number, and storing the encryption key;
Current fingerprint password devices already provide key generation and encryption, so the process of generating an encryption key from a random number may directly follow the implementation in such a device; it may of course also follow the key generation process of a related encryption scheme, which is not limited here.
Optionally, one implementation of generating the encryption key from the random number is: calling a symmetric encryption algorithm according to the random number to generate a symmetric encryption key.
Symmetric encryption is efficient, algorithmically simple and low in system overhead. To improve overall encryption efficiency when a large number of files are encrypted, this embodiment takes symmetric encryption as an example; other encryption algorithms can refer to this description.
Based on the above, the key determination method introduced in this embodiment generates the encryption key through a random algorithm when multiple files are encrypted, so that each file has a distinct encryption key. This prevents the illegal acquisition of one encryption key from threatening all encrypted files and effectively ensures the security of the files.
To deepen understanding of the file encryption process provided in the foregoing embodiment, an overall process of encrypting a file by using a fingerprint password device is introduced herein, and fig. 2 is a schematic view of an encryption process of a fingerprint password device corresponding to this embodiment, which mainly includes the following steps:
First, judge whether a public-private key pair exists in the fingerprint password device. If no key pair has been generated, prompt the user to verify the user password, whereupon the key pair is generated; the generated key pair is stored in the fingerprint password device and cannot be exported;
then the fingerprint password device obtains a hardware random number and generates a symmetric encryption key from it; the generated symmetric encryption key is stored in the fingerprint password device and cannot be exported;
the file to be encrypted is determined and encrypted with the symmetric key just generated, and the resulting ciphertext forms the encrypted file;
after the file is encrypted, the symmetric key is encrypted with the public key and the result is stored in the encrypted file;
at this point, the file encryption operation is complete.
The file encryption method introduced in this embodiment uses the fingerprint password device to encrypt and decrypt files, which addresses the security pain point of pure-software encryption and decryption schemes. Throughout encryption and decryption, the symmetric key of the encrypted file cannot be exported from the fingerprint password device, and the symmetric operations are carried out entirely inside it. The symmetric key stored in the encrypted file is encrypted with the public key and decrypted with the private key, and these public-private key operations are likewise carried out entirely inside the device. Combining the device's identity authentication technology with public-private key encryption in hardware improves security.
Referring to Fig. 3, Fig. 3 is a block diagram of a file encryption device according to the present embodiment; the apparatus may include: a data determination unit 110, a key encryption unit 120, a file output unit 130, and a first file export unit 140. The file encryption device provided in this embodiment can be cross-referenced with the file encryption method above and is not described again here.
The data determining unit 110 is mainly configured to determine an encrypted file and a corresponding encryption key;
the key encryption unit 120 is mainly configured to invoke a fixedly stored public key to encrypt the encryption key, so as to obtain a secondary encryption key;
the file output unit 130 is mainly used for saving the secondary encryption key into an encrypted file to generate a file to be output;
the first file exporting unit 140 is mainly used for exporting files to be output.
The file encryption device provided in this embodiment can be located in the fingerprint password device; it ensures the security of the file while improving the user experience.
Fig. 4 is a flowchart of a file decryption method provided in this embodiment, where the method corresponds to the file encryption process described in the foregoing embodiment, and the method mainly includes the following steps:
step s210, the fingerprint password device performs user fingerprint and/or login password verification;
step s220, after the verification is passed, determining a secondary encryption key in the file to be decrypted;
and step s230, calling the fixedly stored private key to decrypt the secondary encryption key to obtain the encryption key.
Because the file encryption process corresponds to the file decryption process, if the process of generating the encrypted file in the file encryption process is controlled by the fingerprint password device, the following two steps are also required to be executed after step s230 in the file decryption process:
step s240, calling the encryption key to decrypt the file to be decrypted to obtain an original file;
and step s250, exporting the original file.
If, in the file encryption process, the fingerprint password device directly received an already encrypted file, the encryption key can be output once it has been obtained, so that the encrypted file can be decrypted with it.
In the whole file decryption process described in this embodiment, the user only needs to enter a PIN code or present a finger for verification. After the verification passes, the private key inside the password device decrypts the key of the encrypted file, so that the file is decrypted by means of the private key. Decrypting the encrypted file by fingerprint verification improves the convenience of decryption.
It should be noted that the process of decrypting the file to be decrypted with the encryption key can refer to the description of the file encryption method and is not repeated here. This embodiment also does not limit how a verification failure is handled: the user may be prompted to verify again, and a corresponding warning may be issued after the number of verification failures exceeds a set threshold.
To deepen understanding of the file decryption method described in this embodiment, a decryption process of the fingerprint password device is described below, and fig. 5 is a decryption process diagram of the fingerprint password device, where the decryption process mainly includes the following steps:
First, judge whether the fingerprint or PIN code is verified correctly. If verification fails, prompt that decryption cannot be performed; if it succeeds, start the decryption process;
the symmetric key encrypted with the public key is taken from the encrypted file and sent to the fingerprint password device, which decrypts it with the private key to obtain the symmetric key; this symmetric key cannot be exported;
the encrypted file is decrypted with the obtained symmetric key, and this process is completed inside the fingerprint password device;
at this point, the file decryption operation is complete.
The file decryption method provided by this embodiment adopts a design of fingerprint and PIN dual authentication, which improves the user's experience of decrypting files.
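The encryption flow of Fig. 2 and the decryption flow of Fig. 5, sketched in Go as an added example; it is not code from the patent or from any device firmware. It assumes AES-256-GCM for the file, RSA-2048 with OAEP for the secondary encryption, a PIN hash standing in for fingerprint verification, and an output layout invented here; `Device`, `NewDevice`, `Encrypt` and `Decrypt` are hypothetical names.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/binary"
	"errors"
	"fmt"
)

var ErrAuth = errors.New("verification failed, decryption refused")
var ErrFormat = errors.New("truncated or malformed file")

// Device stands in for the fingerprint password device. The key pair sits in
// an unexported field and no method returns it, mirroring "cannot be exported".
type Device struct {
	priv    *rsa.PrivateKey
	pinHash [32]byte // stand-in for the device's fingerprint/PIN check
}

// NewDevice generates the key pair once, on first use (RSA-2048 is assumed).
func NewDevice(pin string) (*Device, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Device{priv: priv, pinHash: sha256.Sum256([]byte(pin))}, nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt covers steps s112-s130. Output layout (assumed for this example):
// 2-byte big-endian length | wrapped key | 12-byte nonce | ciphertext + tag.
func (d *Device) Encrypt(plain []byte) ([]byte, error) {
	buf := make([]byte, 32+12) // fresh random key and nonce per file (s112)
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	key, nonce := buf[:32], buf[32:]
	// Secondary encryption of the file key with the device public key (s120).
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, &d.priv.PublicKey, key, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, 2, 2+len(wrapped)+len(nonce)+len(plain)+gcm.Overhead())
	binary.BigEndian.PutUint16(out, uint16(len(wrapped)))
	out = append(append(out, wrapped...), nonce...)
	// The wrapped key is passed as associated data, so replacing it in the
	// exported file is detected at decryption (a choice made in this example).
	return gcm.Seal(out, nonce, plain, wrapped), nil // s113 + s130
}

// Decrypt covers steps s210-s240: verify the user first, then unwrap the
// file key with the private key and decrypt, all inside the "device".
func (d *Device) Decrypt(pin string, blob []byte) ([]byte, error) {
	h := sha256.Sum256([]byte(pin))
	if subtle.ConstantTimeCompare(h[:], d.pinHash[:]) != 1 {
		return nil, ErrAuth // s210 failed: the private key is never touched
	}
	if len(blob) < 2 || len(blob) < 2+int(binary.BigEndian.Uint16(blob))+12 {
		return nil, ErrFormat
	}
	n := int(binary.BigEndian.Uint16(blob))
	wrapped, nonce, ct := blob[2:2+n], blob[2+n:2+n+12], blob[2+n+12:]
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, d.priv, wrapped, nil) // s230
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, nonce, ct, wrapped) // s240
}

func main() {
	dev, err := NewDevice("constructed-pin")
	if err != nil {
		panic(err)
	}
	blob, _ := dev.Encrypt([]byte("constructed sample file"))
	_, denied := dev.Decrypt("wrong-pin", blob)
	plain, _ := dev.Decrypt("constructed-pin", blob)
	fmt.Printf("%d-byte file; wrong PIN: %v; right PIN: %q\n", len(blob), denied, plain)
}
```

The unexported field only models the boundary that the hardware enforces; in a software process the private key is still in memory.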
Referring to fig. 6, fig. 6 is a block diagram of a file decryption apparatus according to the present embodiment; the apparatus may include: a user authentication unit 210, a key determination unit 220, and a key decryption unit 230. The file decryption apparatus provided in this embodiment may be read with reference to the file decryption method, and the details are not repeated here.
The user authentication unit 210 is mainly used for authenticating a user fingerprint and/or a login password;
the key determining unit 220 is mainly used for determining a secondary encryption key in the file to be decrypted after the verification is passed;
the key decryption unit 230 is mainly configured to invoke a fixedly stored private key to decrypt the secondary encryption key, so as to obtain an encryption key.
The file decryption device provided by this embodiment adopts a dual fingerprint and PIN authentication design, which improves the user's experience of decrypting files.
Referring to fig. 7, fig. 7 is a block diagram of a fingerprint password device according to the present embodiment; the apparatus may include: a memory 300 and a processor 310. For the fingerprint password device, reference may be made to the above introduction of the file encryption method and/or the file decryption method.
The memory 300 is mainly used for storing programs;
the processor 310 is mainly used for implementing the steps of the file encryption method and/or the file decryption method when executing the program.
Referring to fig. 8, a schematic structural diagram of a fingerprint cryptographic apparatus according to this embodiment is provided. The fingerprint cryptographic apparatus may vary considerably depending on configuration or performance, and may include one or more central processing units (CPUs) 322 (e.g., one or more processors), a memory 332, and one or more storage media 330 (e.g., one or more mass storage devices) storing an application 342 or data 344. The memory 332 and the storage media 330 may be transient storage or persistent storage. The program stored on the storage medium 330 may include one or more modules (not shown), each of which may include a series of instructions operating on a data processing device. Still further, the central processor 322 may be configured to communicate with the storage medium 330 and to execute, on the fingerprint password device 301, the series of instruction operations in the storage medium 330.
The fingerprint password device 301 may also include one or more power supplies 326, one or more wired or wireless network interfaces 350, one or more input-output interfaces 358, and/or one or more operating systems 341, such as Windows Server, Mac OS X™, Unix™, Linux™, FreeBSD™, and the like.
The steps in the file encryption method and the file decryption method described in fig. 1 above can be implemented by the structure of the fingerprint password device provided in this embodiment.
The present embodiment provides another functional component structure of a fingerprint password device, which mainly comprises the following modules: a USB communication module, a fingerprint acquisition module, a management module, a public and private key module, a storage module and a symmetric encryption module. Fig. 9 is a schematic diagram of the fingerprint password device according to this embodiment.
The USB communication module is responsible for communicating with operating system software to complete the USB communication function of the fingerprint password device;
the fingerprint acquisition module is responsible for acquiring user fingerprint information;
the management module is responsible for processing fingerprint data, managing public and private key generation and operation, symmetric encryption operation management and the like;
the public and private key module is responsible for generating public and private key data and completing public and private key operation;
the storage module is responsible for storing the fingerprint data and the public and private key data;
the symmetric encryption module is responsible for completing symmetric encryption operations.
For the process of invoking the fingerprint password device provided in this embodiment to perform file encryption and file decryption, reference may be made to the description of the embodiments corresponding to fig. 2 and fig. 5, which is not repeated here.
The fingerprint password device provided in this embodiment differs from the fingerprint password device corresponding to fig. 7 in how its functional modules are composed, but both can ensure the security of files while improving the user experience. For specific functional description, reference may be made to the description of the embodiments related to the file encryption method and the file decryption method in the foregoing embodiments, and details are not described herein again.
The embodiment discloses a readable storage medium, where a program is stored on the readable storage medium, and the program, when executed by a processor, implements a file encryption method and/or a file decryption method, where the file encryption method may refer to the embodiment corresponding to fig. 1, and the file decryption method may refer to the embodiment corresponding to fig. 4, which are not described herein again.
The embodiments in this specification are described in a progressive manner; each embodiment focuses on its differences from the other embodiments, and the same or similar parts of the embodiments can be cross-referenced. Because the device disclosed in an embodiment corresponds to the method disclosed in that embodiment, its description is brief, and the relevant points can be found in the description of the method.
Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative components and steps have been described above generally in terms of their functionality in order to clearly illustrate this interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in Random Access Memory (RAM), memory, Read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
The file encryption method, the file encryption device, the file decryption method, the file decryption device, the fingerprint password device and the readable storage medium provided by the present application have been described in detail above. The principles and embodiments of the present application are explained herein using specific examples, which are provided only to help understand the method and the core idea of the present application. It should be noted that those skilled in the art can make several improvements and modifications to the present application without departing from its principle, and such improvements and modifications also fall within the scope of the claims of the present application.

Claims (10)

1. A method for encrypting a file, comprising:
the fingerprint password device determines an encrypted file and a corresponding encryption key;
calling a fixedly stored public key to encrypt the encryption key to obtain a secondary encryption key;
storing the secondary encryption key into the encrypted file to generate a file to be output;
and exporting the file to be output.
2. The file encryption method of claim 1, wherein the fingerprint cryptographic device determines the encrypted file and the corresponding encryption key, comprising:
a fingerprint password device receives a file to be encrypted;
acquiring an encryption key;
and calling the encryption key to encrypt the file to be encrypted to obtain an encrypted file.
3. The file encryption method of claim 2, wherein said obtaining an encryption key comprises:
calling a random module to obtain a random number currently used for encrypting the file;
and generating an encryption key according to the random number, and storing the encryption key.
4. The file encryption method of claim 3, wherein generating an encryption key based on the random number comprises:
and calling a symmetric encryption algorithm according to the random number to generate a symmetric encryption key.
5. The file encryption method of claim 2, before the fingerprint password means receives the file to be encrypted, further comprising:
judging whether a public-private key pair exists or not; the public and private key pair comprises a public key and a private key which are matched;
if not, outputting prompt information for verifying the user password;
and if the user password is received and the user password is successfully verified, generating a public-private key pair and fixedly storing the public-private key pair.
6. A file encryption apparatus, comprising:
the data determining unit is used for determining the encrypted file and the corresponding encrypted secret key;
the secret key encryption unit is used for calling the fixedly stored public key to encrypt the encryption secret key to obtain a secondary encryption secret key;
the file output unit is used for storing the secondary encryption key into the encrypted file to generate a file to be output;
and the first file exporting unit is used for exporting the file to be output.
7. A method for decrypting a file, comprising:
the fingerprint password device carries out user fingerprint and/or login password verification;
when the verification is passed, determining a secondary encryption key in the file to be decrypted;
and calling a fixedly stored private key to decrypt the secondary encryption key to obtain an encryption key.
8. A file decryption apparatus, comprising:
the user authentication unit is used for authenticating the user fingerprint and/or the login password;
the key determining unit is used for determining a secondary encryption key in the file to be decrypted after the verification is passed;
and the key decryption unit is used for calling the fixedly stored private key to decrypt the secondary encryption key to obtain the encryption key.
9. A fingerprint cryptographic device, comprising:
a memory for storing a program;
a processor for implementing the steps of the file encryption method of any one of claims 1 to 5 and/or the file decryption method of claim 7 when executing the program.
10. A readable storage medium, characterized in that the readable storage medium has stored thereon a program which, when being executed by a processor, carries out the steps of the file encryption method according to any one of claims 1 to 5 and/or the file decryption method according to claim 7.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911184417.7A CN110941809A (en) 2019-11-27 2019-11-27 File encryption and decryption method and device, fingerprint password device and readable storage medium

Publications (1)

Publication Number Publication Date
CN110941809A (en) 2020-03-31

Family

ID=69908369



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20200331
